#!/bin/sh
#black and release IP
#*/5 * * * * root /bin/sh /root/black_ip.sh
echo 'input param:';
echo "{$1}";
echo "{$2}";
echo "{$3}";




#LogFile=/www/wwwlogs/okr.35.com.log
LogFile=$1
#tmpdiv=$2 # /tmp
whitefile=$3 # white.txt
listfile="$2/ip.list";
tmpfile="$2/ip.tmp";

#release IP
if [ -f "${listfile}"  ];then
  for IP in `cat "${listfile}"`
  do
    iptables -D INPUT -p tcp -s "${IP}" -m multiport --dports 80,443 -j DROP
  done
fi


#check IP
tail -3000 "${LogFile}"|grep " 404 " |awk '{print "$1"}'|sort|sort|uniq -c|sort -rn|awk '$1>10 {print $2}'  > "${tmpfile}"
 # shellcheck disable=SC2002
 cat "${tmpfile}" |grep -v 127.0.0.1|grep -v 218.5.81|grep -v "^$" > "${listfile}"


#deny IP
# shellcheck disable=SC2046
# shellcheck disable=SC2006
# shellcheck disable=SC2002
if [ `cat "${listfile}"|wc -l` -eq 0  ];
then
  echo "no ip"
  exit 0
fi

# shellcheck disable=SC2013
for IP in `cat "${listfile}"`
do
  grep -w "${IP}" "${whitefile}" && continue
  iptables -I INPUT -p tcp -s ${IP} -m multiport --dports 80,443 -j DROP
  echo "${IP}"
done
